A: As health care provider organizations become more linked in their data systems to drive better care through connectivity, their data security risk increases. More access points create greater opportunity to breach a system, and interoperability allows the intruder greater access to more data while masking detection. Health systems are turning their focus and making investments in cyber security efforts, not just in building and securing firewalls, but in training colleagues in spotting breach attempts, and raising awareness at all levels of the organization to the impact and potential cost in time and productivity should a breach occur. For health plans, the risk is even more acute as they are targets for sophisticated hackers given the amount of data available. Cyber underwriters have responded by restricting the amount of coverage they make available in some cases and substantially raising prices — especially for health insurers. Health insurers and providers are managing the cost of coverage by increasing retentions or accepting sublimits for various aspects of coverage.

Q: What other risks are affecting the health care business?

A: Large “batch” claims — similar yet separate incidents arising from the alleged wrongdoing of one provider that are treated as one claim under a medical malpractice insurance policy — are as much a concern for health providers as data security risk is across the industry. The rise in frequency of these types of losses and the growing severity of the value of damages is causing many systems to re-evaluate their credentialing procedures of their providers, and design tighter feedback loops with physicians and clinical staff on case reviews. Some are concerned that the employment of physicians is creating more exposure to batch situations, but others see it conversely — that employment can also mitigate future batch claims through increased risk management oversight.

Q: What emerging trends do you expect to see for health care risk management in the near future?

A: The shift from fee-for-service revenue reimbursement to value-based revenue contracting with both the Centers for Medicare and Medicaid Services and commercial insurers continues to impact health care risk management. Providers are entering into new risk-assuming managed care contracts with little to no information on the patient populations for which they will be responsible. Not only might these patient populations have severe pre-existing medical conditions, but the maximum coverage limits have been eliminated under the Affordable Care Act, exposing health providers to significant financial loss should a patient suffer a catastrophic incident or illness. As a result, we are seeing increased demand for provider excess loss insurance coverage — a trend we see continuing for the foreseeable future.